The Deal with Password Alternatives
Date: August 3 2016
Publication: Passwords16 Las Vegas
Source: Currently no known Internet copy of paper.
Abstract or Summary:
Many discussions on how to break passwords, but what to do about it? There are various methods, but it's hard to get the right information as to the differences without the vendor Kool-Aid involved. This talk will take off from where red team leaves off and go through nearly all of the password alternative possibilities. It will outline practical differences, pluses, cons, but also the technical layers that are typically overlooked and less understood.
It will emphasize context within the commercial organizations that need to be managed at scale, resilient, integrate with existing applications and lifecycle methodologies, and discuss the pitfalls of how each technology can be implemented the wrong way and turn a security solution into one that is compromised from the start. We will review password managers (single sign on), one-time password generators (how they actually work) from tokens to SMS, RFID cards, PKI, smart cards, PIV, biometrics, and other methods. Last, within organizations, identity credentials can't be assessed apart from identity management and related systems, so we'll review the demands of actual implementation and management to each.
PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=nKcN06xqA90